-1

I want to write a regular expression to extract selected fields from one line.

For example, with this line:

(2017-11-01 time=14:07:41)

I want to write a regex to extract the result below:

2017-11-01 14:07:41

In other words, I want to show one group (2017-11-01 14:07:41) without the "time=" characters.

Bohemian

1 Answer

1

You can't do it with 1 group. Regex groups can't "skip" over characters.

You can do it with 2 groups:

\((.*? )time=(.*?)\)

or simpler, use regex replace in your language:

Search: \((.*? )time=(.*?)\)
Replace: $1$2   (or \1\2 depending on your language/tool)
Bohemian
  • I want to create a CEF log format parser for a FortiWeb device. How can I use "Regex Replace" in my parser? – Amir Hossein Zargaran Nov 06 '17 at 07:16
  • What parameters does it take? – Bohemian Nov 06 '17 at 08:19
  • In the CEF format I want to map the extracted field to "endTime". The standard format of endTime is "yyyy-MM-dd HH:mm:ss", but in this case the "time=" characters are annoying! – Amir Hossein Zargaran Nov 06 '17 at 08:55
  • I'm not going to research "CEF format". Tell me the various functions/config and their parameters. Without knowing anything about "CEF format", I would use the "search" regex to find the hits and use the "replace" regex as the output. You must find how to apply those yourself. – Bohemian Nov 06 '17 at 08:58
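
The two-group search/replace from the answer, applied in Python as an added example (not part of the original posts and not any FortiWeb or CEF parser's own API). The function names, the stricter digit-only pattern and every sample line except the first are assumptions constructed here; the stricter pattern plus a date check shows why a log parser should validate the joined value before mapping it to a timestamp field such as endTime.

```python
import re
from datetime import datetime

# The answer's two-group pattern, unchanged.
LOOSE = re.compile(r"\((.*? )time=(.*?)\)")
# Stricter variant (an assumption of this example): digits only, so stray
# text between the parentheses cannot end up in the timestamp field.
STRICT = re.compile(r"\((\d{4}-\d{2}-\d{2}) time=(\d{2}:\d{2}:\d{2})\)")


def join_groups(line):
    """Search/replace as in the answer: \\1\\2 drops the literal 'time='."""
    return LOOSE.sub(r"\1\2", line)


def extract_end_time(line):
    """Return 'yyyy-MM-dd HH:mm:ss', or None if no valid timestamp is found."""
    m = STRICT.search(line)
    if m is None:
        return None
    candidate = f"{m.group(1)} {m.group(2)}"
    try:
        # Reject values that have the right shape but are not real dates/times.
        datetime.strptime(candidate, "%Y-%m-%d %H:%M:%S")
    except ValueError:
        return None
    return candidate


# Constructed sample lines; only the first comes from the question.
SAMPLES = [
    "(2017-11-01 time=14:07:41)",
    "(2017-13-45 time=25:61:00)",                 # right shape, invalid date
    "(note time=x) (2017-11-01 time=14:07:41)",   # stray group before the real one
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "->", repr(join_groups(s)), "|", extract_end_time(s))
```

On the third sample the loose pattern also rewrites the unrelated `(note time=x)` group, while the strict pattern returns only the timestamp.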